Re: [Gnumed-devel] Re: New public server up and ready for more GnuMedding...

[Karsten Hilbert]

> Presumably Carlos may need to create a 
> user (or not user, just shell?) account jbusser and
Yes, if you want/need to be able to work at the directory
level as opposed to the TWiki user interface level only.

>, as part of that 
> "account" creation, must he assign a password, either a "default" 
> one, or one I have requested in advance?
Yes, but he may never need to send it to you. If you send him
your public key he can install that locally which means you
can log in via SSH and change your password locally (uhm, ah,
actually, you'd need to know you password for that ... - so,
how does one do that securely ?).

> Once such a password exists, what advantage(s) is/are there to using a 
> key pair?
It's a different way of connecting. Sane people do not allow
users to connect with telnet over public networks. One could,
of course, use password-only SSH connections. The advantage of
using key pair SSH is that an attacker must not only know your
passphrase but also have a copy of your *private* key.

> Does it simply shorten the command required for the ssh 
> login (depending on the location of the private key), and/or save 
> having to remember the password (for example if I can name a key 
> carlos_server)? 
None of the above.

> It does not per se add security does it, since if 
> know the password I can regenerate the same private key?
Nope, you cannot.

> Horst's experience might suggest I should use a different key pair, 
> even while I try to not "join* the paranoid part ; -)
Agree.

Karsten
-- 
GPG key ID E4071346 @ wwwkeys.pgp.net
E167 67FD A291 2BEA 73BD  4537 78B9 A9F9 E407 1346